pokerman79 opened a new issue, #9176: URL: https://github.com/apache/trafficserver/issues/9176
Hi, I would appreciate any assistance to configure ATS (9.1.3) as forwarding proxy with certifier Configured certifier in plugins and got message that "Dynamic cert generation is enabled". plugin is set to receive TS_SSL_CERT_HOOK but whatever I tried I'm unable to see this hook being triggered some of the config options that would matter: CONFIG proxy.config.http.server_ports STRING 8080 CONFIG proxy.config.reverse_proxy.enabled INT 0 CONFIG proxy.config.url_remap.remap_required INT 0 ssl_multicert dest_ip=* ssl_cert_name=myCA.crt plugins certifier.so --store /etc/trafficserver/certs --max 1000 --sign-cert /etc/trafficserver/certifier/myCA.crt --sign-key /etc/trafficserver/certifier/myCA.key --sign-serial /etc/trafficserver/certifier/ca-serial.txt When calling curl -vI -x 10.10.13.5:8080 "https://ipecho.net"; I get proper response but certifier is not activated and I get real tunnel connection +++++++++ Proxy's Request +++++++++ -- State Machine Id: 3 CONNECT ipecho.net:443 HTTP/1.1 Host: ipecho.net:443 User-Agent: curl/7.64.1 Via: http/1.1 traffic_server[b4732282-fd4e-4c71-af65-3813df62f127] (ApacheTrafficServer/9.1.3) [Nov 3 00:32:21.082] [ET_NET 18] DEBUG: <HttpTransact.cc:2208 (LookupSkipOpenServer)> (http_trans) Next action next; HttpTransact::HandleResponse [Nov 3 00:32:21.082] [ET_NET 18] DEBUG: <HttpSM.cc:7409 (call_transact_and_set_next_state)> (http) [3] State Transition: SM_ACTION_API_OS_DNS -> SM_ACTION_ORIGIN_SERVER_RAW_OPEN [Nov 3 00:32:21.082] [ET_NET 18] DEBUG: <HttpSM.cc:4944 (do_http_server_open)> (http_track) entered inside do_http_server_open ][ipv4] [Nov 3 00:32:21.082] [ET_NET 18] DEBUG: <HttpSM.cc:4964 (do_http_server_open)> (http) [3] open connection to ipecho.net: 34.160.111.145:443 [Nov 3 00:32:21.082] [ET_NET 18] DEBUG: <HttpSM.cc:4977 (do_http_server_open)> (http_seq) [HttpSM::do_http_server_open] Sending request to server [Nov 3 00:32:21.082] [ET_NET 18] DEBUG: <HttpSM.cc:5311 (do_http_server_open)> (http) calling netProcessor.connect_re [Nov 3 00:32:21.082] [ET_NET 18] DEBUG: <HttpSM.cc:2715 (main_handler)> (http) [3] [HttpSM::main_handler, NET_EVENT_OPEN/TS_EVENT_NET_CONNECT] [Nov 3 00:32:21.082] [ET_NET 18] DEBUG: <HttpSM.cc:1233 (state_raw_http_server_open)> (http) [3] [&HttpSM::state_raw_http_server_open, NET_EVENT_OPEN/TS_EVENT_NET_CONNECT] [Nov 3 00:32:21.082] [ET_NET 18] DEBUG: <HttpTransact.cc:3372 (OriginServerRawOpen)> (http_trans) [3] [HttpTransact::OriginServerRawOpen] [Nov 3 00:32:21.082] [ET_NET 18] DEBUG: <HttpTransactHeaders.cc:1137 (add_server_header_to_response)> (http_trans) Adding Server: ATS/9.1.3 +++++++++ Proxy's Response 2 +++++++++ -- State Machine Id: 3 HTTP/1.1 200 OK Date: Thu, 03 Nov 2022 00:32:21 GMT Proxy-Connection: keep-alive Server: ATS/9.1.3 [Nov 3 00:32:21.082] [ET_NET 18] DEBUG: <HttpTransact.cc:3393 (OriginServerRawOpen)> (http_trans) [3] [OriginServerRawOpen] connection alive. next action is ssl_tunnel [Nov 3 00:32:21.082] [ET_NET 18] DEBUG: <HttpSM.cc:7409 (call_transact_and_set_next_state)> (http) [3] State Transition: SM_ACTION_ORIGIN_SERVER_RAW_OPEN -> SM_ACTION_SSL_TUNNEL [Nov 3 00:32:21.082] [ET_NET 18] DEBUG: <HttpTunnel.cc:605 (add_producer)> (http_tunnel) [3] adding producer 'http server - tunnel' [Nov 3 00:32:21.082] [ET_NET 18] DEBUG: <HttpTunnel.cc:660 (add_consumer)> (http_tunnel) [3] adding consumer 'user agent - tunnel' [Nov 3 00:32:21.082] [ET_NET 18] DEBUG: <HttpTunnel.cc:605 (add_producer)> (http_tunnel) [3] adding producer 'user agent - tunnel' [Nov 3 00:32:21.082] [ET_NET 18] DEBUG: <HttpTunnel.cc:660 (add_consumer)> (http_tunnel) [3] adding consumer 'http server - tunnel' [Nov 3 00:32:21.082] [ET_NET 18] DEBUG: <HttpTunnel.cc:707 (tunnel_run)> (http_tunnel) tunnel_run started, p_arg is NULL [Nov 3 00:32:21.082] [ET_NET 18] DEBUG: <HttpTunnel.cc:1319 (consumer_handler)> (http_tunnel) [3] consumer_handler [user agent - tunnel VC_EVENT_WRITE_READY/TS_EVENT_VCONN_WRITE_READY] [Nov 3 00:32:21.090] [ET_NET 18] DEBUG: <HttpTunnel.cc:1319 (consumer_handler)> (http_tunnel) [3] consumer_handler [http server - tunnel VC_EVENT_WRITE_READY/TS_EVENT_VCONN_WRITE_READY] [Nov 3 00:32:21.096] [ET_NET 18] DEBUG: <HttpTunnel.cc:1113 (producer_handler)> (http_tunnel) [3] producer_handler [user agent - tunnel VC_EVENT_READ_READY/TS_EVENT_VCONN_READ_READY] -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
